Appearance
Quotas & Backpressure
The quota system provides sliding-window rate limiting with configurable actions per connection, opcode, or byte count.
Basic Configuration
cpp
config.quotas_.enabled_.store(true);
// Global limits per connection (1-hour sliding window)
config.quotas_.ingress_bytes_limit_.store(1048576); // 1 MB inbound
config.quotas_.egress_bytes_limit_.store(1048576); // 1 MB outbound
config.quotas_.msg_count_limit_.store(1000); // 1000 messages
config.quotas_.window_seconds_.store(3600); // 1 hour window
// Permissive mode: log violations but don't enforce
config.quotas_.permissive_.store(true);| Field | Type | Description |
|---|---|---|
enabled_ | bool | Master switch for quota enforcement. |
ingress_bytes_limit_ | int64 | Max inbound bytes per window (-1 = unlimited). |
egress_bytes_limit_ | int64 | Max outbound bytes per window (-1 = unlimited). |
msg_count_limit_ | int64 | Max messages per window (-1 = unlimited). |
window_seconds_ | uint32 | Sliding window duration in seconds. |
permissive_ | bool | If true, violations are logged but actions are not applied. |
Extended Quota Rules
For fine-grained control, define per-opcode or per-endpoint rules.
cpp
using namespace framework;
quota_limit_rule rule;
rule.kind = "io"; // "io" or "opcode"
rule.metric = "bytes"; // "bytes" or "count"
rule.direction = "read"; // "read", "write", or "both"
rule.opcode = 0; // Opcode to limit (0 = all)
rule.window_type = "sec"; // "ms", "sec", "min", "hour", "day"
rule.window_value = 60; // Window duration in window_type units
rule.soft_limit = 1024; // Soft threshold
rule.soft_action = "delay_and_warn"; // Action when soft limit exceeded
rule.hard_limit = 10240; // Hard threshold
rule.hard_action = "terminate"; // Action when hard limit exceededAvailable Actions
| Action | Description |
|---|---|
"delay_and_warn" | Delay the message and send a warning to the client. |
"reject" | Reject the message. |
"terminate" | Close the connection. |
Bypass Grants
Certain JWT grants bypass rate limiting:
cpp
// Default bypass grant (configurable):
config.quotas_.bypass_grants_.store(
std::make_shared<const std::vector<std::string>>(
std::vector<std::string>{"system:admin"}
)
);Quota Evaluator API
cpp
auto& quotas = app.get_state()->of_quotas();evaluate(session_id, opcode, direction, amount, bypass) — Check a message
cpp
auto result = quotas.evaluate(
session_id,
opcode_value,
protocol::fbs::TrafficDirection::Read,
message_size,
false // bypass_grant
);
if (!result.allowed) {
// Rate limited
fmt::println("Quota exceeded, retry after {}ms", result.retry_after.count());
}The quota_evaluation_result struct contains:
| Field | Type | Description |
|---|---|---|
allowed | bool | true if the message passes quota checks |
has_warning | bool | true if the soft limit was exceeded (logged, no action) |
action | LimitAction | The action taken (DelayAndWarn, Reject, Terminate) |
retry_after | milliseconds | How long the client should wait before retrying |
current_usage | uint64_t | Current usage in the sliding window |
limit_value | uint64_t | The limit that was exceeded |
set_session_quotas(session_id, rules) — Per-session overrides
cpp
quotas.set_session_quotas(session_id, rules_vector);remove_session(session_id) — Cleanup
cpp
quotas.remove_session(session_id); // Called on disconnect